- Web browsers use HTTP & HTTPS application-level protocols.
- These run over TCP, on ports 80 (HTTP) & 443 (HTTPS).
- Use HTTPS!
- HTTP is unencrypted. Anybody can see what you’re doing.
- HTTP is unsigned. Its contents can be replaced or modified anywhere en route, and you wouldn’t know.
- Downloading software? I hope that nobody in the middle altered it!
- The request from the web browser looks like this:
GET /~ct320/Fall18/Lecture/WWW HTTP/1.1
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.75 Chrome/62.0.3202.75 Safari/537.36
- The response from the web server looks like this:
HTTP/1.1 200 OK
Date: Wed, 21 Mar 2018 07:55:36 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Content-Type: text/html; charset=UTF-8
<title>CT320 | Lecture / WWW</title>
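
The exchange above, as an added example (not part of the original lecture page): it parses the request and response shown here and reports what a passive observer on the network path can read over HTTP versus HTTPS. The Host header, the shortened User-Agent, and the names `parse_message` and `observer_view` are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the exchange shown above, as bytes on the wire.
# The Host header is an assumption (the page does not show one) and the
# User-Agent is shortened.
REQUEST = (b"GET /~ct320/Fall18/Lecture/WWW HTTP/1.1\r\n"
           b"Host: www.cs.colostate.edu\r\n"
           b"Accept-Encoding: gzip, deflate, br\r\n"
           b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Server: Apache/2.4.6 (Red Hat Enterprise Linux)\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\n\r\n"
            b"<title>CT320 | Lecture / WWW</title>")


def parse_message(raw: bytes):
    """Split an HTTP/1.1 message into (start_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    start, *lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body


def observer_view(url: str, request: bytes, response: bytes) -> dict:
    """Return what a passive on-path observer can read for one exchange."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]
    # Addresses and ports sit in the IP/TCP headers, outside any encryption.
    view = {"server": parts.hostname, "port": port, "path": None,
            "user_agent": None, "server_software": None, "body": None}
    if parts.scheme == "http":  # plaintext: the whole exchange is readable
        start, req_headers, _ = parse_message(request)
        _, resp_headers, body = parse_message(response)
        view["path"] = start.split(" ")[1]
        view["user_agent"] = req_headers.get("user-agent")
        view["server_software"] = resp_headers.get("server")
        view["body"] = body.decode("utf-8")
    return view


if __name__ == "__main__":
    for scheme in ("http", "https"):
        url = f"{scheme}://www.cs.colostate.edu/~ct320/Fall18/Lecture/WWW"
        print(scheme, observer_view(url, REQUEST, RESPONSE))
```

Over HTTPS only the server and port remain readable in this model; the path, headers and body are `None` because they travel inside the encrypted payload.
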
Browsing Security Considerations
- The HTTPS payload (request & response) is encrypted, going both ways.
- However, the IP source & destination addresses are in the IP packet, so everybody knows that I’m talking to www.cs.colostate.edu.
- However, nobody knows that I’m asking for the CT320 Perl lecture.
- What will be revealed if you fetch
- Chrome: Incognito
- Firefox: Private
- Internet Explorer: InPrivate
- What does it actually do?